My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
6.6. ERMUSR 05-16-2006
ElkRiver
>
City Government
>
Boards and Commissions
>
Utilities Commission
>
Packets
>
2003-2013
>
2006
>
05-16-2006
>
6.6. ERMUSR 05-16-2006
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
3/31/2009 3:44:30 PM
Creation date
3/31/2009 3:44:30 PM
Metadata
Fields
Template:
City Government
type
ERMUSR
date
5/16/2006
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
11
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
The Plan(s) will backup ePHI, and critical applications according to existing Plan Sponsor <br />information system backup procedures and policies. <br />Disaster Recovery, Emergency Mode Operation Plan, Testing and Revision Procedures <br />[§164.308(a)(1)(ii)(B), §164.308(a)(1)(ii)(C), §164.308(a)(1)(ii)(D), §164.312(a)(2)(ii)] <br />It has been determined that a formal disaster recovery operation plan applicable only to ePHI <br />is not reasonable or necessary. The Plan(s) will operate in the event of an emergency based on <br />existing emergency operation procedures of the plan sponsor, including granting access to <br />facilities during an emergency. <br />The Plan's Security Official will periodically review The Plan's contingency procedures to <br />determine if changes or testing of the procedures is appropriate. <br />7. Business Associate Contracts <br />The Plan(s) will allow a Business Associate of The Plan(s) to create, receive, maintain, or <br />transmit ePHI on behalf of The Plan(s), only once The Plan(s) obtains written assurance <br />through the use of business associate agreements that the Business Associate will <br />appropriately safeguard The Plan's ePHI as required by § 164.314(a). <br />8. Facility Access Controls <br />The Plan's ePHI is not located in facilities or locations that make it reasonable to implement <br />facility security, access control or maintenance of security records procedures applicable ePHI <br />locations only. Physical access to facilities where ePHI is maintained will be subject to <br />existing Plan Sponsor physical security procedures and policies when applicable. <br />9. Workstation Use and Security and Access and Audit Controls <br />[§164.310(b), §164.310(c), §164.312(a)(2)(i), §164.312(a)(2)(iii), ~164.312(a)(2)(iv)] <br />The Plan(s) implements the following procedures to control access to ePHI and manage <br />access to workstations that can be used to access ePHI. <br />Employees will be assigned unique user names and passwords for systems used to access ePHI. <br />These unique user IDs maybe assigned according to existing Plan Sponsor system access policies <br />and procedures. <br />The following workstation procedures will be implemented to mirturuze the potential risk of <br />inappropriate use of ePHI to the extent possible and reasonable. <br />a. When accessing ePHI on a workstation, employees will reduce visible windows or close <br />programs whenever they are not physically present at the workstation or when individuals <br />not authorized to access the ePHI can view the workstation. <br />b. Workstation screensavers will be set to engage at a reasonably short timeframe. <br />c. VC~orkstations located in areas where viewing by unauthorized individuak is likely will be <br />equipped with monitor screens that limit the visibility of data to anyone other than the <br />workstation user. <br />d. Users with portable workstations such as laptops or PDAs are not allowed to store ePHI on <br />workstation drives. All ePHI should be stored on Plan Sponsor servers subject to security <br />
The URL can be used to link to this page
Your browser does not support the video tag.